In the Claims 

The following listing of the claims replaces all previous listings. 

1 . (Currently Amended) A system for making a purchase transaction by PIN purchasing 
over the Internet comprising: 

a merchant's check out web page on a merchant server for a buyer to make a purchase 
from the buyer's browser; 

means for the buyer selecting PIN purchase as a payment method and for entering a debit 
card number; 

an Internet authorization server to which the merchant system re-directs said buyer's 
browser and to which the merchant system passes along a unique transaction id coupled to said 
transaction; 

means for said Internet authorization server displaying a secure PIN pad screen and using 
a unique session key; 

an input device for the buyer to enters enter a PIN; 
means for encrypting said using said unique session key; 

a host security module to which said Internet authorization server passes said encrypted 
PIN, said host security module generating an encrypted ANSI PIN block; 

means for said ANSI PIN block passing back to said Internet authorization server; 

means for said Internet authorization server returning control of said buyer's browser to 
said merchant server and passing along said unique transaction id; 

a payment request based on contents of a shopping cart and said payment method, 
wherein said payment request is created by said merchant server; 

an Internet payments server to which said merchant server sends said payment request, 
wherein said Internet payments server determines said payment type and formats a payment 
authorization request; 

an ATM/POS system to which said payment authorization request is routed, wherein said 
ATM/POS system takes said encrypted ANSI PIN block passed along with said payment request 
and routes said ANSI PIN block through a second host secure module to be decrypted and 
translated; 
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a data deposit account system wherein if said transaction is an on-us transaction, then 
said ATM/POS system validates said PIN and passes a transaction amount coupled to said 
transaction to said associated data deposit account system for authorization; 

a network coupled to the buyer's issuing financial institution, wherein if said transaction 
is an off -us transaction, then said authorization request is routed to said network to be further 
routed to said buyer's issuing financial institution; 

means for passing back to said ATM/POS system and finally back to said merchant 
server an authorization approval or denial. 

2. (Original) The system of claim 1, wherein said unique session is under Secure Sockets 
Layer (SSL) technology. 

3. (Original) The system of claim 1, wherein a link between said Internet authorization 
server and said Internet payments server is a secure link. 

4. (Canceled) 

5. (Original) A method for making a purchase transaction by PIN purchasing over the 
Internet, said method comprising the steps of: 

a buyer proceeding to a merchant's checkout page on a merchant server from a buyer's 
browser to make a purchase; 

said buyer selecting PIN Purchase as a payment method and entering an associated debit 
card number; 

said merchant server re-directing said buyer's browser to an Internet authorization server 
and passing a unique transaction id coupled to said transaction; 

said Internet authorization server displaying a secure PIN pad screen and using a unique 
session key; 

said buyer entering said PIN using an input device; 
encrypting said PIN using said unique session key; 

said Internet authorization server passing said encrypted PIN to a host secure module, 
wherein said host secure module generates an associated encrypted ANSI PIN block; 
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said Internet authorization server returning control of said buyer's browser to said 
merchant server along with said unique transaction id; 

said merchant server creating a payment request based on contents of said shopping cart 
and said payment method, wherein said merchant server sends said payment request to an 
Internet payments server; 

said Internet payments server determining a payment type and formatting a payment 
authorization request; 

said payment authorization request routing to an ATM/POS system, wherein said 
ATM/POS system takes said encrypted ANSI PIN block and routes it through a second host 
secure module to be decrypted and translated to an acquiring financial institution's encrypted PIN 
data; 

if said transaction is on-us, then said ATM/POS system validating said PIN and passing 
an associated transaction amount to a data deposit account system for authorization; 

if said transaction is off-us, then said authorization request routing to a network for 
routing to an issuing financial institution of said buyer; 

passing back to said ATM/POS system an authorization approval or denial, wherein said 
authorization approval or denial is routed to said Internet payments server and finally back to 
said merchant server. 

6. (Original) The method of claim 5, wherein said unique session is under Secure Sockets 
Layer (SSL) technology. 

7. (Original) The method of claim 5, wherein a link between said Internet authorization 
server and said Internet payments server is a secure link. 

8. (Canceled) 

9. (New) A method for making a purchase transaction over a network, the method 
comprising: 

receiving a request from a buyer to use PIN Purchase as a payment method; 



4 



sending instructions to the buyer's computer to display a secure PIN pad screen, the 
secure PIN pad screen being displayed by a browser running on the buyer' s computer, the secure 
PIN pad being programmed to allow the buyer to enter the buyer's PIN; and 

receiving an encrypted PIN from the buyer, the encrypted PIN having been entered using 
the secure PIN pad screen. 

10. (New) The method of claim 9, further comprising re-directing the buyer's browser to an 
Internet authorization server when the request to use PIN Purchase as a payment method is 
received. 

1 1 . (New) The method of claim 9, further comprising passing the encrypted PIN to a host 
secure module that generates an associated encrypted ANSI PIN block. 

12. (New) The method of claim 9, further comprising receiving an associated debit card 
number. 
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